GCP Object Storage

Google Cloud Storage (GCS) is a global service for storing unstructured data as objects. Unlike traditional file systems, GCS is designed for massive scale, allowing you to store and retrieve any amount of data at any time from anywhere on the web.

1. Core Storage Classes

| Class    | Access Frequency | Ideal Use Case                                |
|----------|------------------|-----------------------------------------------|
| Standard | Daily/Active     | Web assets, streaming, and mobile app data.   |
| Nearline | < Once a month   | Data backups and long-tail multimedia.        |
| Coldline | < Once a quarter | Disaster recovery and archived data.          |
| Archive  | < Once a year    | Long-term regulatory and compliance records.  |

2. Access Control (Security)

GCS offers multiple layers of security to ensure data is only accessible to authorized users:

IAM Permissions

Grant access at the Project or Bucket level. Best for managing teams (e.g., "All developers can read this bucket").

ACLs (Access Control Lists)

Fine-grained control for individual objects within a bucket. Useful when specific files need different permissions.

3. Data Encryption at Rest

Google-Managed (Default): Keys are automatically created, rotated, and managed by Google.


CMEK (Customer-Managed): You manage keys via Google Cloud KMS. You control key rotation and can revoke access anytime.


CSEK (Customer-Supplied): You provide your own AES-256 keys for every operation. Google never stores your keys persistently.

4. Steps to Deploy Object Storage

  1. Create Bucket: Navigate to Cloud Storage > Buckets. Provide a globally unique name.
  2. Choose Location: Select Multi-region for maximum availability or Region for lower latency.
  3. Select Class: Pick a storage class based on your access needs (Standard is the default).
  4. Enforce Access: Choose "Uniform" (IAM only) or "Fine-grained" (IAM + ACLs) access control.
  5. Upload & Use: Use the Console, gsutil CLI, or Client Libraries to upload files.
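
Once a bucket is deployed, the access-control and encryption choices from the steps above can be checked from its metadata. The following is an added example, not part of the original page: it audits a bucket resource and IAM policy in the JSON shape used by the Cloud Storage JSON API (`iamConfiguration.uniformBucketLevelAccess`, `acl`, `bindings`, `encryption.defaultKmsKeyName`). The function name, bucket name, service account, and sample data are constructed, and object-level ACLs are not inspected.

```python
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def audit_bucket(bucket, iam_policy, require_cmek=False):
    """Return findings for one bucket; an empty list means no issues found."""
    findings = []
    name = bucket.get("name", "<unnamed>")

    # Uniform access makes IAM the only authorization path. With fine-grained
    # access, ACLs can grant access that the IAM policy does not show.
    ubla = bucket.get("iamConfiguration", {}).get("uniformBucketLevelAccess", {})
    if not ubla.get("enabled"):
        findings.append(f"{name}: fine-grained access (ACLs) is enabled")
        for entry in bucket.get("acl", []):
            if entry.get("entity") in PUBLIC_MEMBERS:
                findings.append(
                    f"{name}: bucket ACL grants {entry.get('role')} to {entry['entity']}")

    # A binding to a public principal opens the bucket beyond authorized users.
    for binding in iam_policy.get("bindings", []):
        for member in sorted(PUBLIC_MEMBERS & set(binding.get("members", []))):
            findings.append(f"{name}: IAM role {binding.get('role')} granted to {member}")

    # No default KMS key: objects written without a key use Google-managed keys.
    if require_cmek and not bucket.get("encryption", {}).get("defaultKmsKeyName"):
        findings.append(f"{name}: no default CMEK key configured")
    return findings


# Constructed sample input (not real resources): a misconfigured photo bucket.
SAMPLE_BUCKET = {
    "name": "example-photo-bucket",
    "storageClass": "STANDARD",
    "iamConfiguration": {"uniformBucketLevelAccess": {"enabled": False}},
    "acl": [{"entity": "allUsers", "role": "READER"}],
}
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.objectCreator",
     "members": ["serviceAccount:backend@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
]}

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_BUCKET, SAMPLE_POLICY, require_cmek=True):
        print(finding)
```
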

5. Practical Example: Media Hosting

For a photo-sharing app, you store high-resolution images in a Standard Bucket. You use IAM to allow your backend server to write images, and you use Signed URLs to allow users to view their private photos for a 10-minute window after they log in.